## An Overview of the Tatami Project (2000)

### Cached

### Download Links

- [ase.arc.nasa.gov]
- [www.cs.ucsd.edu]
- [www-cse.ucsd.edu]
- DBLP

### Other Repositories/Bibliography

Citations: | 13 - 8 self |

### BibTeX

@MISC{Goguen00anoverview,

author = {Joseph Goguen and Kai Lin and Grigore Rosu and Akira Mori and Bogdan Warinschi},

title = {An Overview of the Tatami Project},

year = {2000}

}

### Years of Citing Articles

### OpenURL

### Abstract

This paper describes the Tatami project at UCSD, which is developing a system to support distributed cooperative software development over the web, and in particular, the validation of concurrent distributed software. The main components of our current prototype are a proof assistant, a generator for documentation websites, a database, an equational proof engine, and a communication protocol to support distributed cooperative work. We believe behavioral specification and verification are important for software development, and for this purpose we use first order hidden logic with equational atoms. The paper also briefly describes some novel user interface design methods that have been developed and applied in the project

### Citations

1573 |
The magic number seven, plus or minus two: Some limits on our capacity for processing information
- Miller
- 1956
(Show Context)
Citation Context ...any of these justification draw on narratology. 1. Limiting the number of non-automatic proof steps on tatami pages to approximately 7 is consistent with known limitations of human cognitive capacity =-=[30]. 2. The i-=-dea of a giving a "narrative" order to tatami pages comes from the theory of stories [25]; the idea of including obstacles comes from Campbell [5] and others. 3. Attaching prover-supplied in... |

1116 | Software Engineering Economics
- Boehm
- 1981
(Show Context)
Citation Context ...y!) quickly written or even automatically generated from specifications that are sufficiently modular and detailed, and empirical studies show that little of software cost comes from errors in coding =-=[3]-=-. Therefore we focus on specification and verification at the design level, and avoid the ugly complications of programming language semantics. Since we wish to assist ordinary software engineers in u... |

475 |
Institutions: Abstract Model Theory for Specification and Programming
- Goguen, Burstall
- 1992
(Show Context)
Citation Context ...ions can be seen as translations or maps from one sign system to another [11]; it is similarly natural to formalize these translations using the notion of theory morphism from algebraic specification =-=[13]-=-. But examples in our application domains show that maps between sign systems do not in general fully preserve structure, and in particular, must be given by partial functions. These considerations mo... |

469 |
Human-Computer Interaction
- Preece, Rogers, et al.
- 1994
(Show Context)
Citation Context ...neral, and for website design in particular, nearly always calls for using style guidelines to produce a uniform "look and feel" that is appropriate for the particular application involved, =-=e.g., see [32, 38]-=-. We have developed the following tatami conventions as style guidelines for the proof websites generated by Kumo, which in fact are display proofwebs: 1. Tatami pages are the most important constitue... |

338 |
Designing the Users Interface
- SHNEIDERMAN
- 1998
(Show Context)
Citation Context ...neral, and for website design in particular, nearly always calls for using style guidelines to produce a uniform "look and feel" that is appropriate for the particular application involved, =-=e.g., see [32, 38]-=-. We have developed the following tatami conventions as style guidelines for the proof websites generated by Kumo, which in fact are display proofwebs: 1. Tatami pages are the most important constitue... |

104 |
Algebraic Semantics of Imperative Programs
- Goguen, Malcolm
- 1996
(Show Context)
Citation Context ...s of systems of related signs, including their structural aspects. For computer scientists, it is natural to formalize the intuitive notion of a sign system using the tools of algebraic specification =-=[17]-=-, as a loose algebraic theory 8 ProofDB SpecDB XML XSL parse(spec) modules execute (spec) combine validate Duck script getspec spec get lemma lemma get results Browser parser BOBJ processor Duck docum... |

98 |
The hero with a thousand faces
- Campbell
- 1949
(Show Context)
Citation Context ...wn limitations of human cognitive capacity [30]. 2. The idea of a giving a "narrative" order to tatami pages comes from the theory of stories [25]; the idea of including obstacles comes from=-= Campbell [5]-=- and others. 3. Attaching prover-supplied informal explanation pages to proof pages was suggested by the close connection between narrative clauses and evaluative material in stories 11 [25]; the eval... |

85 | Towards an algebraic semantics for the object paradigm
- GOGUEN, DIACONESCU
- 1994
(Show Context)
Citation Context ...ng multiple visible and hidden parameters, which greatly extends the expressive power. Behavioral logic is a diverse research area containing many approaches, including the original hidden algebra of =-=[9, 14, 19, 18]-=-, the coherent hidden algebra of Diaconescu [6, 7], the observational logic of Bidoit and Hennicker [1, 2, 24], and a new generalization of hidden algebra that tries to treat all these variants in a u... |

72 |
Types as theories
- Goguen
- 1991
(Show Context)
Citation Context ...ion and verification called hidden algebra, which extends standard many sorted algebra by distinguishing between "visible" sorts used to model data, and "hidden" sorts used to mode=-=l states, following [9]-=-. This framework provides simple and natural ways to define behavioral equivalence of states, behavioral satisfaction of properties, and behavioral refinement of specifications. Standard equational de... |

71 |
The logic of inexact concepts
- Goguen
- 1969
(Show Context)
Citation Context ...y truth value t(n) at each node n. A boolean expression defining t(n) is also associated with node n; it is the disjunction of the expressions for the fans going out from n. We use the fuzzy logic of =-=[8]-=- to evaluate the expressions. The truth value 1 means that there is a formal proof, while 0 means that there is a formal disproof. ffl A proofdoag is a truthdoag such that each node has a validation t... |

64 |
An introduction to algebraic semiotics, with applications to user interface design
- Goguen
- 1999
(Show Context)
Citation Context ...s should be made explicit, and that relevant background and tutorial material should be integrated with proofs. These recommendations follow ideas from cognitive psychology, narratology and semiotics =-=[11, 12]-=-, as discussed further in Section 3. In particular, the structure of Tatami system's proof website was designed using algebraic semiotics, which combines algebraic specification with social semiotics ... |

59 |
Life Stories: The creation of Coherence
- Linde
- 1993
(Show Context)
Citation Context ... an optional opening "orientation" section, giving necessary background for understanding the story, such as time and place, as well as a closing section containing the "moral" of =-=the story; see also [26, 27]-=-. The influence of these ideas on our proof website design conventions is described in in the next section. 3.3 Proofwebs and the Tatami Conventions Proof representations can be described at several l... |

57 |
The Transformation of Experience in Narrative Syntax
- Labov
- 1972
(Show Context)
Citation Context ...integrated into their structure, instead of being ignored. As Aristotle said, "Drama is conflict." An important resource for our work has been the theory of oral narratives developed by Will=-=iam Labov [25], who show-=-ed that these have a precise structure, involving a sequence of 9 so-called "narrative clauses" which describe events (the default ordering of which corresponds to their order in the story),... |

52 | Observational logic
- Hennicker, Bidoit
- 1999
(Show Context)
Citation Context ...e research area containing many approaches, including the original hidden algebra of [9, 14, 19, 18], the coherent hidden algebra of Diaconescu [6, 7], the observational logic of Bidoit and Hennicker =-=[1, 2, 24]-=-, and a new generalization of hidden algebra that tries to treat all these variants in a uniform way [35, 21]. These approaches fall into two broad categories, depending on whether or not a fixed data... |

46 |
José Meseguer, Kokichi Futatsugi and JeanPierre Jouannaud. Introducing OBJ
- Goguen, Winkler
- 2000
(Show Context)
Citation Context ...winging types" are a powerful but less closely related approach [31]. The BOBJ (for Behavioral OBJ) hidden algebraic specification language extends the classical algebraic specification language =-=OBJ3 [23]-=- to behavioral properties, and can also be considered a dialect of the CafeOBJ specification language [7]. Like CafeOBJ, it supports both classical and hidden algebraic specification; in addition, it ... |

42 | Hiding more of hidden algebra
- Goguen, Ro¸su
- 1999
(Show Context)
Citation Context ...is impossible to give a complete recursively enumerable set of inference rules for hidden algebra [4], so there cannot be any final resting point on this quest. For more detail on hidden algebra, see =-=[18, 19, 20, 21, 34, 35]-=-. Hidden algebra handles all the main features of modern software systems, including states, classes, subclasses, attributes, methods, abstract data types, concurrency, distribution, nondeterminism, g... |

40 | Towards a social, ethical theory of information
- Goguen
- 1997
(Show Context)
Citation Context ...urther in Section 3. In particular, the structure of Tatami system's proof website was designed using algebraic semiotics, which combines algebraic specification with social semiotics in the sense of =-=[10]-=-. The present paper is an extension, revision and amalgamation of work reported in [15, 16] and other papers. Although this particular paper focuses on system architecture and user interface issues, f... |

35 |
Behavioral coherence in object-oriented algebraic specification
- Diaconescu
- 1998
(Show Context)
Citation Context ...tends the expressive power. Behavioral logic is a diverse research area containing many approaches, including the original hidden algebra of [9, 14, 19, 18], the coherent hidden algebra of Diaconescu =-=[6, 7]-=-, the observational logic of Bidoit and Hennicker [1, 2, 24], and a new generalization of hidden algebra that tries to treat all these variants in a uniform way [35, 21]. These approaches fall into tw... |

34 | Observer complete definitions are behaviourally coherent, in: OBJ/CafeOBJ/Maude at Formal Methods ’99
- Bidoit, Hennicker
- 1999
(Show Context)
Citation Context ...e research area containing many approaches, including the original hidden algebra of [9, 14, 19, 18], the coherent hidden algebra of Diaconescu [6, 7], the observational logic of Bidoit and Hennicker =-=[1, 2, 24]-=-, and a new generalization of hidden algebra that tries to treat all these variants in a uniform way [35, 21]. These approaches fall into two broad categories, depending on whether or not a fixed data... |

32 |
A Hidden Agenda, Theoretical Computer Science 245
- Goguen, Malcolm
- 2000
(Show Context)
Citation Context ...e systems often do not satisfy their specifications strictly, but instead only satisfy them behaviorally, i.e., appear to satisfy them in all relevant situations. Our logic for this is hidden algebra =-=[19, 35]-=-. Code is regarded as secondary, because it can be (relatively!) quickly written or even automatically generated from specifications that are sufficiently modular and detailed, and empirical studies s... |

31 |
de Saussure, Course in General Linguistics
- Ferdinand
- 1916
(Show Context)
Citation Context ...s algebraic semiotics, a novel technique that provides systematic ways to evaluate the quality of proof presentations. 3.1 Algebraic Semiotics An important insight attributed to Ferdinand de Saussure =-=[37]-=- is that signs should not be considered in isolation, but rather as elements of systems of related signs, including their structural aspects. For computer scientists, it is natural to formalize the in... |

27 | Hidden congruent deduction
- Rosu, Goguen
(Show Context)
Citation Context ...e systems often do not satisfy their specifications strictly, but instead only satisfy them behaviorally, i.e., appear to satisfy them in all relevant situations. Our logic for this is hidden algebra =-=[19, 35]-=-. Code is regarded as secondary, because it can be (relatively!) quickly written or even automatically generated from specifications that are sufficiently modular and detailed, and empirical studies s... |

25 | Incompleteness of behavioral logics - Buss, Ro¸su |

24 | Hidden coinduction: behavioral correctness proofs for objects
- Goguen, Malcolm
- 1999
(Show Context)
Citation Context ...is impossible to give a complete recursively enumerable set of inference rules for hidden algebra [4], so there cannot be any final resting point on this quest. For more detail on hidden algebra, see =-=[18, 19, 20, 21, 34, 35]-=-. Hidden algebra handles all the main features of modern software systems, including states, classes, subclasses, attributes, methods, abstract data types, concurrency, distribution, nondeterminism, g... |

19 | Social and semiotic analyses for theorem prover user interface design. Formal Aspects of Computing, 11:272–301. Special issue on user interfaces for theorem provers
- Goguen
- 1999
(Show Context)
Citation Context ...s should be made explicit, and that relevant background and tutorial material should be integrated with proofs. These recommendations follow ideas from cognitive psychology, narratology and semiotics =-=[11, 12]-=-, as discussed further in Section 3. In particular, the structure of Tatami system's proof website was designed using algebraic semiotics, which combines algebraic specification with social semiotics ... |

17 | Observational specifications and the indistinguishability assumption
- Bernot, Bidoit, et al.
- 1995
(Show Context)
Citation Context ...e research area containing many approaches, including the original hidden algebra of [9, 14, 19, 18], the coherent hidden algebra of Diaconescu [6, 7], the observational logic of Bidoit and Hennicker =-=[1, 2, 24]-=-, and a new generalization of hidden algebra that tries to treat all these variants in a uniform way [35, 21]. These approaches fall into two broad categories, depending on whether or not a fixed data... |

15 |
What is wrong with GUIs for theorem provers
- Merriam, Harrison
- 1997
(Show Context)
Citation Context ...bsite Duck code editing Execute Kumo User Figure 1: The Edit-Execute-Browse Cycle While this edit-execute-browse cycle (again see Figure 1) might seem old-fashioned to some readers, empirical studies =-=[29]-=- and our own experience have found that the current fad for direct manipulation interfaces for theorem proving systems is actually counter-productive for complex proofs, although it may have some valu... |

13 | Tools for distributed cooperative design and validation
- Goguen, Lin, et al.
- 1998
(Show Context)
Citation Context ...designed using algebraic semiotics, which combines algebraic specification with social semiotics in the sense of [10]. The present paper is an extension, revision and amalgamation of work reported in =-=[15, 16]-=- and other papers. Although this particular paper focuses on system architecture and user interface issues, for the convenience of interested readers, the bibliography attempts to list most of the pap... |

12 | Circular Coinduction
- Rosu, Goguen
- 2001
(Show Context)
Citation Context ...l deduction generalizes with small changes, but more powerful inference rules are needed for most interesting proofs. Hence we have been developing a series of increasingly powerful coinduction rules =-=[33, 34, 35]-=-, which greatly extend deductive power, and which in practice yield conceptually simple and highly mechanizable proofs. Recent research shows it is impossible to give a complete recursively enumerable... |

11 |
Akira Mori, Grigore Rosu, and Akiyoshi Sato. Distributed cooperative formal methods tools
- Goguen, Lin
- 1997
(Show Context)
Citation Context ...designed using algebraic semiotics, which combines algebraic specification with social semiotics in the sense of [10]. The present paper is an extension, revision and amalgamation of work reported in =-=[15, 16]-=- and other papers. Although this particular paper focuses on system architecture and user interface issues, for the convenience of interested readers, the bibliography attempts to list most of the pap... |

11 | A hidden Herbrand theorem: Combining the object, logic and functional paradigms
- Goguen, Malcolm, et al.
(Show Context)
Citation Context ...is impossible to give a complete recursively enumerable set of inference rules for hidden algebra [4], so there cannot be any final resting point on this quest. For more detail on hidden algebra, see =-=[18, 19, 20, 21, 34, 35]-=-. Hidden algebra handles all the main features of modern software systems, including states, classes, subclasses, attributes, methods, abstract data types, concurrency, distribution, nondeterminism, g... |

11 |
Swinging types = functions + relations + transition systems
- Padawitz
- 1999
(Show Context)
Citation Context ...is assumed for all models. All proof rules in use are sound for all these logics, but all of them are also incomplete [4]. Padawitz's "swinging types" are a powerful but less closely related=-= approach [31]-=-. The BOBJ (for Behavioral OBJ) hidden algebraic specification language extends the classical algebraic specification language OBJ3 [23] to behavioral properties, and can also be considered a dialect ... |

10 | A protocol for distributed cooperative work
- Goguen, Ro, et al.
- 1999
(Show Context)
Citation Context ...o, one or more parents) and the other data items discussed above. We have formally proved the correctness of the Tatami protocol with respect to a communication medium that can lose or duplicate data =-=[22]-=-, and have implemented it using the IP internet protocol. 2.4 Some Implementation Details Figure 3 is an overview of the Tatami system architecture. Its most important components are the Kumo website ... |

10 |
The Ethnomethodology of Mathematics
- Livingston
- 1987
(Show Context)
Citation Context ...parating mechanical proof scores from the proof pages that generate them allows hiding the most routine details of proofs, just as human proofs often omit details in order to highlight the main ideas =-=[28]-=-; however, proof readers can still view them, and even execute them on a proof server. 8. The justification for giving each kind of webpage a different background and a different frame is discussed be... |

7 |
The organization of discourse
- Linde
- 1981
(Show Context)
Citation Context ... an optional opening "orientation" section, giving necessary background for understanding the story, such as time and place, as well as a closing section containing the "moral" of =-=the story; see also [26, 27]-=-. The influence of these ideas on our proof website design conventions is described in in the next section. 3.3 Proofwebs and the Tatami Conventions Proof representations can be described at several l... |

6 | Behavioral coinductive rewriting
- Rosu
- 1999
(Show Context)
Citation Context ...l deduction generalizes with small changes, but more powerful inference rules are needed for most interesting proofs. Hence we have been developing a series of increasingly powerful coinduction rules =-=[33, 34, 35]-=-, which greatly extend deductive power, and which in practice yield conceptually simple and highly mechanizable proofs. Recent research shows it is impossible to give a complete recursively enumerable... |

3 |
and Grigore Rosu, Incompleteness of Behavioral Logics
- Buss
- 2000
(Show Context)
Citation Context ... which in practice yield conceptually simple and highly mechanizable proofs. Recent research shows it is impossible to give a complete recursively enumerable set of inference rules for hidden algebra =-=[4]-=-, so there cannot be any final resting point on this quest. For more detail on hidden algebra, see [18, 19, 20, 21, 34, 35]. Hidden algebra handles all the main features of modern software systems, in... |